Commit graph

86 commits

Author SHA1 Message Date
veego
819856f884 Fix build problems on systems without setproctitle(3).
Check setproctitle in the configure script and remove the define
in patch-ba.
2002-02-24 12:25:40 +00:00
tron
f37b9070d0 Update "squid" package to version 2.4STABLE4. Changes since version
2.4STABLE3:
- htcp_port 0 now properly disables htcp
- Fixed problem with certain non-anonymous ftp:// style URL's
- SNMP bugfixes including several memory leaks
2002-02-22 10:07:38 +00:00
jmc
d4867af19e squid-2.4.STABLE3-SNMP_memory_leaks.patch has been updated and checks out the
same from all 3 master sites. Updating distinfo
2002-02-19 03:57:40 +00:00
taca
058d558941 Update squid to squid-2.4.3nb1.
- replace a hack adding fd_mask definition in autoconf.h with re-writing
  configure script.  It cause to run configure twice and result "no fd_mask".
- Incorporate three official patches from
  http://www.squid-cache.org/Versions/v2/2.4/bugs/.

o SNMP memory leaks

	synopsis
		The SNMP implementation in Squid had several memory leaks
		possibly causing an denial of service.

	workaround
		Disable the SNMP port if enabled by using "snmp_port 0" in
		squid.conf.  Or if you only use SNMP for MRTG data
		collection running on the same host then use
		"snmp_incoming_address 127.0.0.1" to limit reachability
		of the SNMP port to only localhost or some other trusted
		network.

o Coredump on certain ftp:// style URL's

	synopsis
		If certain constructed ftp:// style URL's are received then
		squid crashes, causing a denial of service and maybe even
		remote execution of code.

	workaround
		Deny forwarding of non-anonymous FTP URLs by inserting
		the following rules at the top of squid.conf, prior to
		any http_access allow lines.

		acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
		http_access deny non_anonymous_ftp

o "htcp_port 0" fails to disable the HTCP port

	synopsis
		"htcp_port 0" fails to completely disable the HTCP port as
		documented in squid.conf, instead HTCP will be listening on
		a random port number.
2002-02-18 17:00:38 +00:00
veego
d8b74df533 Create ${PREFIX}/etc/squid during pre-install, so copying the default
config file doesn't fail.
2002-02-10 19:26:56 +00:00
taca
7d04de62b8 Update squid to 2.4.3 (squid-2.4.STABLE3), referring to tech-pkg's mail
from "Ciarcinski, Adam \(ISS Brussels\)" <ACiarcinski@iss.net>.

From ChangeLog:

Changes to Squid-2.4.STABLE3 (Nov 28, 2001):

	- Fixed bug #255: core dump on SSL/CONNECT if access denied by
	  miss_access
	- Fixed bug #246: corrupt on-disk meta information preventing
	  rebuilds of lost swap.state files
	- Fixed bug #243: squid_ldap_auth now supports spaces in passwords
	- Fixed a coredump when creating FTP directories
	- Fixed a compile time problem with statHistDump prototype mistmatch,
	  reported by some compilers
	- Fixed a potential coredump situation on snmpwalk in certain
	  configurations
	- Fixed bug #229: filedescriptor leakage in the "aufs" cache_dir
	  store implementation
	- Serbian error message translations

I added following changes, too.

o honor PKG_SYSCONFDIR keep SQUID_SYSCONFDIR effective.
o Add --disable-internal-dns.  This made external dnsserver
  available.  External dnsserver could be disabled with configuration
  file.
o Enable optimization with "-O".
o Fix a problem to access nat device when transparent proxy enabled.
  This fix will be contained in squid 2.5 release.
o setproctitle() hack for external dnsserver from daemonnews's article.
2001-12-12 17:06:18 +00:00
tron
f4354210d0 Fix problems caused by recent changes: the example configuration files get
installed into "etc/squid" (and are not moved arround after installation).
The message of the install script matches the actual layout again and is
adapted to changes to "SQUID_SYSCONFDIR".
2001-11-23 10:22:53 +00:00
kim
7aceab2279 Config files cannot be forced into ${PREFIX}. 2001-11-17 23:47:24 +00:00
tron
e3061c9141 Correct path for configuration files in installation instructions. Problem
noted by Hubert Feyrer in private e-mail.
2001-11-08 06:58:10 +00:00
tron
dd013767dd Use "--enable-storeio=ufs,diskd" instead of "--enable-storeio=diskd" to
get "ufs" storage type build again because we will otherwise break lots
of existing configurations. Problem pointed out by Simon Burge via e-mail.
2001-11-06 07:22:13 +00:00
tron
823ce591bc Activate store type "diskd" by default as suggested by Grant Beattie in
PR pkg/14476.
2001-11-06 03:05:14 +00:00
zuntum
431e7a7dda Move pkg/ files into package's toplevel directory 2001-11-01 02:15:23 +00:00
tron
153306a3ea Update "squid" package to 2.4.STABLE2. Changes since 2.4.STABLE1:
- Expanded configure's GCC opimization disabling check to
  include GCC 2.95.3
- avoid negative served_date in storeTimestampsSet().
- Made 'diskd' pathnames more configurable
- Make sure squid parent dies if child is killed with
  KILL signal
- Changed diskd offset args to off_t instead of int
- Fixed bugs #102, #101, #205: various problems with useragent
  log files
- Fixed bug #116: Large Age: values still cause problems
- Fixed bug #119: Floating point exception in
  storeDirUpdateSwapSize()
- Fixed bug #114: usernames not logged with
  authenticate_ip_ttl_is_strict
- Fixed bug #115: squid eating up ressources (eventAdd args)
- Fixed bug #125: garbage HTCP requests cause assertion
- Fixed bug #134: 'virtual port' support ignores
  httpd_accel_port, causes a loop in httpd_accel mode
- Fixed bug #135: assertion failed: logfile.c:135: "lf->offset
  <= lf->bufsz"
- Fixed bug #137: Ranges on misses are over-done
- Fixed bug #160: referer_log doesn't seem to work
- Fixed bug #162: some memory leaks (SNMP, delay_pools,
  comm_dns_incoming histogram)
- Fixed bug #165: "Store Mem Buffer" leaks badly
- Fixed bug #172: Ident Based ACLs fail when applied to
  cache_peer_access
- Fixed bug #177: LinuxPPC 2000 segfault bug due to varargs abuse
- Fixed bug #182: 'config' cachemgr option dumps core with
  null storage
- Fixed bug #185: storeDiskdDirParseQ[12]() use wrong number
  of args in debug/printf
- Fixed bug #187: bugs in lib/base64.c
- Fixed bug #184: storeDiskdShmGet() assertion; changed
  diskd to use bitmap instead of linked list
- Fixed bug #194: Compilation fails on index() on some
  non-BSD plaforms
- Fixed bug #197: refreshIsCachable() incorrectly checks
  entry->mem_obj->reply
- Fixed bug #215: NULL pointer access for proxy requests
  in accel-only mode
2001-10-09 19:01:49 +00:00
tron
f38aa4ec86 Adapt package list to configuration options dynamically. This fixes
PR pkg/13971 by David Sainty.
2001-09-18 16:24:57 +00:00
tron
fdb89cb7cc Wait upto 60 instead of 20 seconds for "squid" to terminate. 2001-09-18 16:12:11 +00:00
tron
7e69535eb5 Remove "--enable-parent-hack" now that "squid" is invoked without
"RunCache" again.
2001-07-30 07:32:13 +00:00
tron
369b9ee1cf Rework startup script:
- We don't want to wait forever until "squid" terminates. Wait at most
  20 seconds after a shutdown command use "kill" afterwards.
- Don't use "RunCache" to start "squid", it is not necessary and only
  causes trouble.
- Bring the "rotate" command which got lost in last update.
Bump package version number to 2.4.1nb2.
2001-07-30 07:30:11 +00:00
tron
8b0b9ed443 Remove commands to create data directories which could break existing
squid installations. These directories should be created by the
administrator after selecting the proper directory.
2001-07-29 16:47:01 +00:00
tron
40cda95416 - Apply some of the changes suggested by Greg A. Woods in PR 13427 and
include his improved "rc.d" script.
- Use the same directory structure as in the Apache package. The
  configuration files are now in "${PREFIX}/etc/squid" and won't be
  removed during deinstallation.
- Remove unnecessary configuration variables "SQUID_HTTP_PORT" and
  "SQUID_ICP_PORT". These values can perfectly be adjusted by editing
  the configuration file and supporting all these variables would make
  the package too complex.
- Bump the version number to 2.4.1nb1.
2001-07-29 16:41:18 +00:00
tron
a5e6d8ab03 Add missing "Size" entries. 2001-05-21 05:27:56 +00:00
tron
faba133276 Add missing "shutdown" keyword in startup file. 2001-05-10 21:58:01 +00:00
wennmach
96058422d4 o remove whitespace from Makefile
o add $NetBSD$ RCS tag to patch-ab
o regen distinfo
2001-05-01 18:07:48 +00:00
jlam
1edfee944f Change build dependency from perl-5.* to perl>=${PERL5_REQD}. 2001-04-30 03:46:32 +00:00
agc
8f972b049a + move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-04-17 12:12:16 +00:00
tron
6c7cb1ab30 Update "squid" package to version 2.4STABLE1. Changes since 2.3STABLE4:
- Fixed a bug in and cleaned up class 2/3 delay pools incrementing.
- Fixed a coredump bug when using external dnsservers that become overloaded.
- Fixed some NULL pointer bugs for NULL storage system when reconfiguring.
- Fixed a bug with useragent logging that caused Squid to think the logfile
  never got opened.
- Fixed a compiling bug with --disable-unlinkd.
- Changed src/squid.h to always use O_NONBLOCK on Solaris if it is defined.
- Fixed a bug with signed/unsigned bitfield flag variables that caused
  problems on Solaris.
- Fixed a bug in clientBuildReplyHeader() that could add an Age: header with
  a negative value, causing an assertion later.
- Fixed an SNMP reporting bug.   cacheCurrentResFileDescrCnt was returning
  the number of FDs in use, rather than the number of reserved FDs.
- Added the 'pipeline_prefetch' configuration option.
- cache_dir syntax changed to use options instead of many arguments. This
  means that the max_objsize argument now is an optional option, and that
  the syntax for how to specify the diskd magics is slightly different.
- Various fixes for CYGWIN
- Upgraded MSNT auth module to version 2.0.
- Fixed potential problems with HTML by making sure all HTML output is
  properly encoded.
- Fixed a memory initialization problem with resource records in
  lib/rfc1035.c.
- Rewrote date parsing in lib/rfc1123.c and made it a little more lenient.
- Added Cache-control: max-stale support.
- Fixed 'range_offset_limit' again.  The problem this time is that
  client_side.c wouldn't set the we_dont_do_ranges flag for normal cache
  misses.  It was only being set for requests that might have been hits,
  but we decided to change to a miss.
- Added the Authenticate-Info and Proxy-Authenticate-Info headers from
  RFC 2617.
- HTTP header lines longer than 64K could cause an assertion.
  Now they get ignored.
- Fixed an IP address scanning bug that caused "123.foo.com" to be
  interpreted as an IP address.
- Converted many structure allocations to use mem pools.
- Changed proxy authentication to strip leading whitespace from usernames
  after decoding.
- Prevented NULL pointer access in aclMatchAcl(). Some ACL types require
  checklist->request_t, but it won't be available in some cases (like
  snmp_access).  Warn the admin that the ACL can't be checked and that
  we're denying it.
- Allow zero-size disk caches.
- The actual filesystem blocksize is now used to account
  for space overheads when calculating on-disk cache size.
- Made the maximum memory cache object size configurable.
- Added 'minimum_direct_rtt' configuration option.
- Added 'ie_refresh' configuration option, which is a hack
  to turn IMS requests into no-cache requests.
- Added Linux netfilter support for intercepted connections.
- Fixed a bug with clientAccessCheck() that allowed proxy
  requests in accel mode.
- Fixed a bug with 301/302 replies from redirectors.  Now
  we force them to be cache misses.
- Accommodated changes to the IP-Filter ioctl() interface
  for intercepted connections.
- Fixed handling of client lifetime timeouts.
- Fixed a buffer overflow bug with internal DNS replies
  by truncating received packets to 512 bytes, as per
  RFC 1035.
- Added "forward.log" support, but its work in progress.
- Rewrote much of the IP and FQDN cache implementation.
  This change gets rid of pending hits.
- Changed peerWouldBePinged() to return false if our
  ICP/HTCP port is zero (i.e. disabled).
- Changed src/net_db.c to use src/logfile.c routines,
  rather than stdio, because of solaris stdio filedescriptor
  limits.
- Made netdbReloadState() more robust in case of corrupted
  data.
- Rewrote some freshness/staleness functions in src/refresh.c,
  partially inspired to support cache-control max-stale.
- Fixed status code logging for SSL/CONNECT requests.
- Added a hack to subtract cache digest network traffic
  from statistics so that byte hit ratio stays positive
  and more closely reflects what people expect it to be.
- Fixed a bug with storeCheckTooSmall() that caused
  internal icons and cache digests to always be released.
- Added statfs(2) support for displaying actual filesystem
  usage in the cache manager 'storedir' output.
- Changed status reporting for storage rebuilding.  Now it
  prints percentage complete instead of number of entries
  parsed.
- Use mkstemp() rather than problem-prone tempnam().
- Changed urlParse() to condense multiple dots in hostnames.
- Major rewrite of async-io (src/fs/aufs) to make it behave
  a bit more sane with substantially less overhead.  Some
  tuning work still remains to make it perform optimal.
  See the start of store_asyncufs.h for all the knobs.
- Fixed storage FS modules to use individual swap space
  high/low values rather than the global ones.
- Fixed storage FS bugs with calling file_map_bit_reset()
  before checking the bit value.  Calling with an invalid
  value caused memory corruption in random places.
- Prevent NULL pointer access in store_repl_lru.c for
  entries that exist in the hash but not the LRU list.
- Added --enable-auth-modules=... configure option
- Improved ICP dead peer detection to also work when the workload
  is low
- Improved TCP dead peer detection and recovery
- Squid is now a bit more persistent in trying to find a alive
  parent when never_direct is used.
- nonhierarchical_direct squid.conf directive to make non-ICP
  peer selection behave a bit more like ICP selection with respect
  to hierarchy.
- Bugfix where netdb selection could override never_direct
- ICP timeout selection now prefers to use parents only when
  calculating the dynamic timeout to compensate for common RTT
  differences between parents and siblings.
- No longer starts to swap out objects which are known to be above
  the maximum allowed size.
- allow-miss cache_peer option disabling the use of "only-if-cached".
  Meant to be used in conjunction with icp_hit_stale.
- Delay pools tuned to allow large initial pool values
- cachemgr filesystem space information changed to show useable space
  rather than raw space, and platform support somewhat extended.
- Logs destination IP in the hierarchy log tag when going direct.
  (can be disabled by turning log_ip_on_direct off)
- Async-IO on linux now makes proper use of mutexes. This fixes some
  odd pthread segfaults on SMP Linux machines, at a slight performance
  penalty.
- %s can now be used in cache_swap_log and will be substituded with
  the last path component of cache_dir.
- no_cache is now a full ACL check without, allowing most ACL types
  to be used.
- The CONNECT method now obeys miss_access requirements
- proxy_auth_regex and ident_regex ACL types
- Fixed a StoreEntry memory leak during "dirty" rebuild
- Helper processes no longer hold unrelated filedescriptors open
- Helpers are now restarted when the logs are rotated
- Negatively cached DNS entries are now purged on "reload".
- PURGE now also purges the DNS cache
- HEAD on FTP objects no longer retreives the whole object
- More cleanups of the dstdomain ACL type
- Squid no longer tries to do Range internally if it is not supported
  by the origin server. Doing so could cause bandwidth spikes and/or
  negative hit ratio.
- httpd_accel_single_host squid.conf directive
- "round-robin" cache_peer counters are reset every 5 minutes to
  compensate previously dead peers
- DNS retransmit parameters
- Show all FTP server messages
- squid.conf.default now indicates if a directive isn't enabled in
  the installed binary, and what configure option to use for enabling it
- Fixed a temporary memory leak on persistent POSTs
- Fixed a temporary memory leak when the server response headers
  includes NULL characters
- authenticate_ip_ttl_is_strict squid.conf option
- req_mime_type ACL type
- A reworked storage system that supports storage directories in
  a more modular fashion. The object replacement and IO is now
  responsibility of the storage directory, and not of the storage
  manager.
- Fixed a bogous MD5 mismatch warning sometimes seen when using
  aufs or diskd stores
- Added --enable-stacktraces configure option to set PRINT_STACK_TRACE,
  and extended support for this to Linux/GNU libc.
- Disabled the "request timeout" error message sent if the user agent
  did not provide a request in a timely manner after opening the
  connection. Now the connection is silently closed. The error message
  was confusing user agents utilizing persistent connections.
- Fixed configure --enable descriptions to match the arg names.
- Eliminated compile warnings from auth_modules/MSNT code.
- Require first character of hostnames to be alphanumeric.
- Made ARP ACL work for Solaris.
- Removed storeClientListSearch().
- Added counters to track diskd operation success and
  failures.
- Fixed range_offset_limit.
- Added code to retry ServFail replies for internal DNS
  lookups.
- Added referer header logging (Jens-S. Voeckler).
- Added "multi-domain-NTLM" authentication module, a Perl
  script from Thomas Jarosch.
- Added configurable warning messages for high memory usage,
  high response time, and high page faults.
- Made store dir selection algorithm configurable.
- Added support for admin-definable extension methods,
  up to 20.
- Added 'maximum_object_size_in_memory' as a configuration option -
  this defines the watermark where objects transit from being true
  hot objects to being in-transit objects in memory. It currently
  defaults to 8 KB.
- Change to the fqdn code which changes how pending DNS requests
  are treated as private and only become public once they are
  completed. This can add extra load on DNS servers but prevents
  all the pending clients blocking if one of the queries got
  stuck. (Duane Wessels)
- Converted more code to use MemPools, from Andres Kroonmaa.
- Added more CYGWIN patches from Robert Collins.
- Added Logfile module.
- Added DISKD stats via cachemgr.
- Added squid.conf options for DISKD magic constants.
2001-04-14 10:05:00 +00:00
hubertf
e32afb6fea Change BUILD_DEPENDS semantics:
first component is now a package name+version/pattern, no more
executable/patchname/whatnot.

While there, introduce BUILD_USES_MSGFMT as shorthand to pull in
devel/gettext unless /usr/bin/msgfmt exists (i.e. on post-1.5 -current).

Patch by Alistair Crooks <agc@netbsd.org>
2001-03-27 03:19:43 +00:00
hubertf
d32e698de6 Cleanup MKDIR usage => INSTALL_*_DIR
XXX need to teach pkglint to be more picky about this
2001-02-25 04:17:35 +00:00
tron
e1b13d857f Add missing "PROVIDE:" line. 2001-02-24 18:01:28 +00:00
wiz
a0745845b3 Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT. 2001-02-17 17:21:28 +00:00
tron
634c6d3f29 Provide a new style startup script with backwards compatibility. 2001-02-04 20:46:14 +00:00
tron
b9f759c162 Add missing "REQUIRE: DAEMON" so that squid gets started at the correct
time during system startup.
2001-01-30 19:24:22 +00:00
hubertf
a3cd4f3b8c etc/rc.d: squid.sh -> squid 2001-01-26 04:56:13 +00:00
hubertf
32e7505da2 Make this fit our rc.d start/stop scheme 2000-12-16 09:45:44 +00:00
hubertf
13ba66975d Create localstatedir etc. 2000-12-16 09:45:18 +00:00
taca
70e636c13d - Add a patch from http://www.squid-cache.org/Versions/v2/2.3/bugs/ for
fixing "CARP assertion on sum of load factors" bug.
- Update package name to squid-2.3s4nb3.
2000-12-13 16:03:39 +00:00
taca
0c5dd40669 - Update package name to squid-2.3s4nb2 suggested by
Christoph Badura <bad@bsd.de>.
2000-11-28 01:09:17 +00:00
taca
bfab8248d6 - add two patches from http://www.squid-cache.org/Versions/v2/2.3/bugs/ .
Should I update to squid-2.3s4nb2?
2000-11-27 14:39:49 +00:00
wiz
abe3402bb3 regen 2000-11-09 12:39:10 +00:00
jdolecek
d05f70015f fix path to patched files 2000-11-02 10:41:45 +00:00
jdolecek
dc177a8d19 add log_mime_hdrs_list directive - this directive specifies list of
headers to log into access log when log_mime_hdrs is on
the change will be sent to Squid maintainers for possible future inclusion
shortly
2000-11-02 10:31:38 +00:00
veego
313e13dc34 Update squid from 2.3stable3 to 2.3stable4:
Important Changes:

- offline_toggle
   You can now toggle the 'offline_mode' option from the cache manager.
- minimum_object_size
   Added the 'minimum_object_size' option. Files smaller than this size are
   not cached.
- passive_ftp
   If your firewall doesn't allow passive FTP transfers, you can tell Squid
   to use PORT instead by turning the 'passive_ftp' option off.
- wccp_version
   Some Cisco IOS versions expect to receive WCCP packets with version set
   to three. The 'wccp_version' option allows you to change it, from the
   default value of four.
2000-10-15 20:17:44 +00:00
tron
64d1c52ea7 Use correct spelling "--enable-delay-pools" in configuration options.
Problem noted by Olaf Seibert in private e-mail.
2000-10-10 10:28:39 +00:00
jlam
60d8d28f10 Update build dependency on perl to build in correct directory if perl
interpreter is not found.
2000-09-05 09:33:15 +00:00
wiz
7d41c3d47e remove whitespace for pkglint 2000-09-03 13:42:22 +00:00
jlam
06f0a4c3c2 Use new PERL5 variable instead of ${LOCALBASE}/bin/perl. 2000-08-27 02:46:03 +00:00
hubertf
d3d16ac67a We aren't FreeBSD 2000-07-26 02:57:49 +00:00
tron
2dee8c6ecb Update "squid" package to version 2.3 STABLE 3. Changes since 2.3 STABLE 2:
- You can now toggle the 'offline_mode' option from the cache manager.
- Added the 'minimum_object_size' option. Files smaller than this size are
  not cached.
- If your firewall doesn't allow passive FTP transfers, you can tell Squid
  to use PORT instead by turning the 'passive_ftp' option off.
- Some Cisco IOS versions expect to receive WCCP packets with version set
  to three. The 'wccp_version' option allows you to change it, from the
  default value of four.
2000-05-19 07:18:55 +00:00
rh
bc2b0a9079 Update md5 checksum and remove PATCH_DIST_ARGS which is now superfluous
due to fixed patches.  Fixes PR 10026 by David Rankin.
2000-05-03 15:14:53 +00:00
tron
9d21aec5b7 - Update home page URL.
- Update master site list.
- Apply patches from squid home page.
2000-03-21 10:09:51 +00:00
tron
e0f3b9a4ee Back out last commit. "ftp.xlink.de" is not an official name. 2000-03-07 20:05:22 +00:00